Home | About | Journal | Photos | Research | Resume

CRA-W Distributed Mentor Program
Summer 2003
Christine Tan | Professor Sonia Fahmy at Purdue University

< Journal >
WEEK 4: Moving forward 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10

Monday, July 7
Talk at 10:30am on "Static Analysis Techniques for Specification-based Monitoring" by Somesh Jha who's visiting today from the University of Wisconsin. It's like what we saw in the Bluebox paper, but goes beyond. Normal patterns of system calls are translated into state diagrams that are non-deterministic. However making sure that the program's behavior follows a nondeterministic state diagram is too expensive, so they use a language called the Dyck language, taken from a 1962 Noam Chomsky paper, which is almost as powerful. Before running the program, the binary code is actually rewritten to tell the intermediary layer between the code and the operating system whenever a system call is made.

11:30am Carla's security reading group. Paper: EMERALD, a distributed intrusion detection system. We're not meeting again till next next Thursday, when there will be a talk on covert channels. Sounds interesting.

Tuesday, July 8
Met with Sonia at 11am. I have finished finding existing information on packet sanitization and the next step is to get some traces and develop the packet sanitization tool. The unique aspect of it will be that it will consider all packet fields, not just the IP addresses, since we are looking at the packet sanitization problem with the aim of simulating attacks, instead of network performance which is what it is more commonly used in.

Measured Response 2003. A workshop attended by people from government agencies and professors. Six speakers give presentations, with a Q&A session afterwards, the aim of which is to produce a white paper to outline goals of research for government funding. The presentations are long and detailed, and most of it was not very relevant. I take note of the differences in presentation styles. It was supposed to be from 3pm to 5pm, but inevitably went over. However, when we get out it's pouring outside, and I didn't bring an umbrella, so I'm stranded. I go to the library in the same building since all I really need to do my work is Internet access.

Wednesday, July 9
2:30-4:30pm Sonia's group meeting, the first one I've been to. Bogdan Carbunar, a grad student, presented his latest work on finding the boundaries of ad hoc networks.

Start working on sanitizer tool. There are three approaches I considered: writing a C program to parse a libpcap format file, use tcpdump unaltered (but not all fields are output, even using the most verbose option (-vv)), or modify tcpdump. I decide to modify tcpdump, and Sonia agrees with this assessment.

Thursday, July 10
Working on the packet sanitizer tool. I'm modifying tcpdump, a sanitizing shell script linked to by Vern Paxson's web site, and Crypto-PAN, the implementation of the algorithm described in the most recent paper I was able to find on prefix-preserving IP trace anonymization. So how it would work is that you would run a Bourne shell script that redirects the output from running one program into the next. Basically, the trace is output in text using Tcpdump, then anonymized using Crypto-PAN, with some steps in between to format everything exactly and to allow the user to choose which fields to anonymize, since Crypto-PAN only generizes anonymized IP addresses based on real addresses and a 256 bit key.

Friday, July 11
3:30pm Prof. Mike Atallah's group meeting, also with Sonia and Prof. Dongyuan Xu, to brainstorm on security and privacy issues.

Continuing to work on the packet sanitizer tool.

Saturday, July 12
Bought groceries. Borrowed Fermat's Enigma by Simon Singh, and Citizen Kane.

Sunday, July 13
Saw Terminator 3. Better than I expected. A simple storyline, but a good one which ties up everything in the end. It's amusing at times too.